Closed
Bug 300003
Opened 19 years ago
Closed 19 years ago
XUL error pages should not have chrome privileges
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 292624
People
(Reporter: sync2d, Assigned: dveditz)
Details
(Whiteboard: [sg:dupe 292624])
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8b2) Gecko/20050707 Firefox/1.0+
XUL error pages should not have chrome privileges because any untrusted
content can and should be able to load the error pages. The error pages
are used by the default in recent Firefox trunk (bug 216466). So exploits
can load the error pages automatically and abuse its elevated privileges
by bugs such as XSS in Mozilla.
see also: bug 28586, bug 286651
Reproducible: Always
Steps to Reproduce:
Actual Results:
XUL error pages have chrome privileges.
Expected Results:
XUL error pages DOES NOT have chrome privileges.
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 292624 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
|
Group: security
Assignee | ||
Updated•19 years ago
|
Whiteboard: [sg:dupe 292624]
Assignee | ||
Updated•18 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•